8.5
CVE-2025-65117
- EPSS 0.01%
- Veröffentlicht 16.01.2026 00:14:27
- Zuletzt bearbeitet 22.01.2026 15:14:11
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAVEVA Process Optimization Use of Potentially Dangerous Function
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aveva ≫ Process Optimization Version < 2025
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.005 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.7 | 1.1 | 6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 7.4 | 1.1 | 5.8 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
|
CWE-676 Use of Potentially Dangerous Function
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.